
Chapter 12

TRUE/FALSE
Indicate whether the statement is true or false.

____ 1. If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.
____ 2. As threats evolve or new vulnerabilities in the systems emerge, the information security team must determine if a shift in the priorities of the organization's security posture is required.
____ 3. The tracking of trouble tickets should include tracking problem resolution.
____ 4. Policies can be considered enforceable even if they have not been understood and agreed to.
____ 5. Users do not participate in configuration management.
____ 6. Documentation procedures are not required for configuration and change management processes.
____ 7. When the amount of data stored on a particular hard drive averages 30-40% of available capacity for a prolonged period, consider an upgrade for the hard drive.
____ 8. A maintenance model such as the ISO model deals with methods to manage and operate systems.
____ 9. External monitoring entails collecting intelligence from various data sources, and then giving that intelligence context and meaning for use by decision makers within the organization.
____ 10. Often, US-CERT is viewed as a definitive authority with regard to computer and information security events.
____ 11. Many publicly accessible information sources, both mailing lists and Web sites, are available to those organizations and individuals who have the time, expertise, and grant access to make use of them.
____ 12. Over time, external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use.
____ 13. The value of internal monitoring is low when the resulting knowledge of the network and systems configuration is fed into the vulnerability assessment and remediation maintenance domain.
____ 14. The characteristics concerned with manufacturer and software versions are about technical functionality and they should be kept highly accurate and up-to-date.
____ 15. The target selection step involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed.
____ 16. The intranet scan starts with an Internet search engine.
____ 17. All systems that are mission critical should be enrolled in PSV measurement.
____ 18. All telephone numbers controlled by an organization should be tested, unless the configuration of the phone equipment on premises can assure that no number can be dialed from the worldwide telephone system.
____ 19. The vulnerability database, like the risk, threat, and attack database, both stores and tracks information.
____ 20. Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.
____ 21. In some instances, risk is acknowledged as being part of an organization's business process.
____ 22. Threats cannot be removed without requiring a repair of the vulnerability.
____ 23. Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed.
____ 24. Policy needs to be reviewed periodically.
____ 25. Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

MODIFIED TRUE/FALSE
Indicate whether the statement is true or false. If false, change the identified word or phrase to make the statement true.

____ 26. The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand. _________________________
____ 27. In the original ISO model, real management is the process of identifying, tracking, diagnosing, and resolving faults in the system. _________________________
____ 28. A trouble ticket is closed when a user calls about an issue. _________________________
____ 29. Facilities management is the administration of the configuration of the components of the security program. _________________________
____ 30. In order to assist in the actual management of information security programs, organizations should adopt a formal management standard that can provide some insight about what processes and procedures are needed. _________________________
____ 31. ISO 7799 (Part 2) introduces a process model with a set of steps called Plan-Do-Check-Act. _________________________
____ 32. CERTs stands for computer emergency recovery teams. _________________________
____ 33. UN-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities. _________________________
____ 34. Specific routine bulletins are issued when developing threats and specific attacks pose a measurable risk to the organization. _________________________
____ 35. The basic function of the external monitoring process is to monitor activity, report results, and escalate warnings. The summaries present either statistical results or itemized lists of significant new vulnerabilities. _________________________
____ 36. The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses. _________________________
____ 37. Organizations should have a carefully planned and fully populated inventory of all their network devices, communication channels, and computing devices. _________________________
____ 38. The primary value of active evolution in an organization-wide IT governance process is the increased awareness of the impact of change. _________________________
____ 39. Many organizations have an architecture review board designated to plan, review, and approve managed technology. _________________________
____ 40. To be put to the most effective use, the information that comes from the IDPS must be integrated into the inventory process. _________________________
____ 41. An example of the type of vulnerability exposed via traffic analysis can be observed when an organization is trying to determine if all its device signatures have been adequately masked. _________________________
____ 42. The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called VA. _________________________
____ 43. The internal vulnerability assessment is usually performed against all public-facing addresses, using every possible penetration testing approach. _________________________
____ 44. You can document the results of the verification by saving a(n) profile. _________________________
____ 45. WLAN stands for wide local area network. _________________________
____ 46. The final process in the vulnerability assessment and remediation domain is the exit phase. _________________________
____ 47. The optimum solution in most cases is to repair the vulnerability. _________________________
____ 48. When possible, major plan elements should be rehearsed. _________________________
____ 49. The CERT uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand. _________________________
____ 50. A(n) war game puts a subset of plans in place to create a realistic test environment. _________________________

MULTIPLE CHOICE
Identify the choice that best completes the statement or answers the question.

____ 51. ____ are a component of the security triple.
a. Threats  b. Assets  c. Vulnerabilities  d. All of the above
____ 52. The information security personnel who perform penetration testing are often consultants or outsourced contractors, and are commonly referred to as ____.
a. whitehat hackers  b. ethical hackers  c. tiger teams  d. All of the above
____ 53. ____ involves security personnel simulating or performing specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities.
a. Penetration testing  b. Penetration simulation  c. Attack simulation  d. Attack testing
____ 54. ____ management is the administration of changes in the strategy, operation, or components of the information security program.
a. Revision  b. Update  c. Upload  d. Change
____ 55. ____ enables organizations to charge their internal departments for system use.
a. Auditing  b. Chargeback accounting  c. Change management  d. Performance baseline
____ 56. When the memory usage associated with a particular CPU-based system averages ____% or more over prolonged periods, consider adding more memory.
a. 30  b. 60  c. 90  d. 100
____ 57. ____ specifies requirements for establishing, implementing, and documenting an information security management system.
a. ISO 27001  b. ISO 27002  c. BS 7799  d. BS 17799
____ 58. The Plan-Do-Check-Act process is an implementation of the ____ approach to internal controls to manage risk.
a. CNSS 4012  b. NIST SP800-12  c. ISO 27001  d. ISO 1899
____ 59. The primary mailing list, called simply ____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
a. Bug  b. Bugfix  c. Buglist  d. Bugtraq
____ 60. The ____ is a part of the US-CERT and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
a. Bug/CERT  b. Bugtraq/CERT  c. CC/CERT  d. CERT/CC
____ 61. The ____ list is intended to facilitate the development of a free network exploration tool.
a. Nmap-hackers  b. Packet Storm  c. Security Focus  d. Snort-sigs
____ 62. The ____ commercial site focuses on current security tool resources.
a. Nmap-hackers  b. Packet Storm  c. Security Laser  d. Snort-sigs
____ 63. The ____ mailing list includes announcements and discussion of an open source IDS.
a. Nmap-hackers  b. Packet Storm  c. Security Focus  d. Snort-sigs
____ 64. The optimum approach for escalation is based on a thorough integration of the monitoring process into the ____.
a. IDE  b. CERT  c. ERP  d. IRP
____ 65. Detailed ____ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.
a. escalation  b. intelligence  c. monitoring  d. None of the above
____ 66. As an alternative view of the way data flows into the monitoring process, a(n) ____ approach may prove useful.
a. DTD  b. DFD  c. Schema  d. ERP
____ 67. The process of building awareness of change requires a leadership and educational role for the ____.
a. VP  b. CEO  c. CISO  d. CTO
____ 68. One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment.
a. baseline  b. difference analysis  c. differential  d. revision
____ 69. ____ is used to respond to network change requests and network architectural design proposals.
a. Network connectivity RA  b. Dialed modem RA  c. Application RA  d. Vulnerability RA
____ 70. A(n) ____ is a statement of the boundaries of the RA.
a. scope  b. disclaimer  c. footer  d. head
____ 71. There are ____ common vulnerability assessment processes.
a. two  b. three  c. four  d. five
____ 72. The steps of the Internet vulnerability assessment include ____, which is when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.
a. Scanning  b. Target selection  c. Test selection  d. Analysis
____ 73. The ____ vulnerability assessment process is designed to find and document selected vulnerabilities that are likely to be present on the internal network of the organization.
a. intranet  b. Internet  c. LAN  d. WAN
____ 74. The ____ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization.
a. ASP  b. ISP  c. SVP  d. PSV
____ 75. The ____ vulnerability assessment process is designed to find and document any vulnerability that is present on dial-up modems connected to the organization's networks.
a. modem  b. phone  c. dial  d. network

COMPLETION
Complete each statement.

76. The CISO must constantly monitor the three components of the security ____________________.
77. As the help desk personnel screen problems, they must also track the activities involved in resolving each complaint in a help desk information system. The tracking process is commonly implemented using a(n) ____________________ ticket.
78. The information security management model continues with ____________________ management and change management.
79. ____________________ is the process of reviewing the use of a system, not to check performance, but rather to determine if misuse or malfeasance has occurred.
80. A performance ____________________ is an expected level of performance against which all subsequent levels of performance are compared.
81. The objective of the external ____________________ domain within the maintenance model is to provide the early awareness of new and emerging threats, threat agents, vulnerabilities, and attacks that the organization needs in order to mount an effective and timely defense.
82. The primary goal of the ____________________ monitoring domain is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses.
83. The process of collecting detailed information about devices in a network is often referred to as ____________________.
84. A(n) ____________________ analysis is a procedure that compares the current state of a network segment (the systems and services it offers) against a known previous state of that same network segment (the baseline of systems and services).
85. The primary objective of the planning and risk ____________________ domain is to keep a lookout over the entire information security program.
86. A key component in the engine that drives change in the information security program is a relatively straightforward process called an information security ____________________ risk assessment.
87. The primary goal of the vulnerability assessment and ____________________ domain is to identify specific, documented vulnerabilities and remediate them in a timely fashion.
88. The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called ____________________ assessment.
89. The ____________________ vulnerability assessment process is designed to find and document the vulnerabilities that may be present in the public-facing network of the organization.
90. During the analysis step of Internet vulnerability assessment, the analyst must document the results of the verification by saving a(n) ____________________ (usually a screenshot) that can be used to convince skeptical systems administrators that the vulnerability is real.
91. The platform security ____________________ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization.
92. The ____________________ vulnerability assessment process is designed to find and document the vulnerabilities that may be present in the wireless local area networks of the organization.
93. The ____________________ vulnerability assessment process is designed to find and document any vulnerability that is present on dial-up modems connected to the organization's networks.
94. The primary goal of the readiness and ____________________ domain is to keep the information security program functioning as designed and to keep it continuously improving over time.
95. Rehearsals that closely match reality are called ____________________ games.
96. The modem vulnerability assessment process is designed to find and document any vulnerability that is present on dial-up modems connected to the organization's networks. One of the elements of this process involves using scripted dialing attacks against a pool of phone numbers; this is often called war ____________________.
97. The ____________________ interconnections are network devices, communications channels, and applications that may not be owned by the organization but are essential to the continued operation of the organization's partnership with another company.
98. When an organization uses specific software products as part of its information security program, the ____________________ often provides either direct support or indirect tools that allow user communities to support each other.
99. The proven cases of real vulnerabilities can be considered vulnerability ____________________.
100. The Analysis step of Internet vulnerability assessment is when a knowledgeable and experienced vulnerability analyst screens the test results for the candidate ____________________ logged during scanning.

ESSAY

101. List five areas of the ISO model.
102. List and describe the steps associated with configuration management.
103. List the five domains of the recommended maintenance model.

Chapter 12 Answer Section
(Each item is worth 1 point. Answers not shown in the preview are marked as such.)

TRUE/FALSE
1. ANS: (not shown in preview)
2. ANS: T
3. ANS: T
4. ANS: F
5. ANS: F
6. ANS: F
7. ANS: F
8. ANS: F
9. ANS: T
10. ANS: T
11. ANS: F
12. ANS: T
13. ANS: F
14. ANS: T
15. ANS: F
16. ANS: F
17. ANS: T
18. ANS: F
19. ANS: T
20. ANS: T
21. ANS: T
22. ANS: F
23. ANS: T
24. ANS: T
25. ANS: T

MODIFIED TRUE/FALSE
26. ANS: (not shown in preview)
27. ANS: F, fault
28. ANS: F, opened
29. ANS: F, Configuration
30. ANS: (not shown in preview)
31. ANS: F, ISO 27001
32. ANS: F, response
33. ANS: F, Bugtraq
34. ANS: F, warning
35. ANS: (not shown in preview)
36. ANS: F, internal
37. ANS: (not shown in preview)
38. ANS: F, engagement
39. ANS: (not shown in preview)
40. ANS: F, maintenance
41. ANS: T
42. ANS: T
43. ANS: F, Internet
44. ANS: F, trophy
45. ANS: F, wireless
46. ANS: F, remediation
47. ANS: T
48. ANS: T
49. ANS: F, CISO
50. ANS: (not shown in preview)

MULTIPLE CHOICE
51. ANS: (not shown in preview)
52. ANS: (not shown in preview)
53. ANS: (not shown in preview)
54. ANS: D
55. ANS: B
56. ANS: B
57. ANS: A
58. ANS: C
59. ANS: D
60. ANS: D
61. ANS: A
62. ANS: B
63. ANS: D
64. ANS: D
65. ANS: B
66. ANS: B
67. ANS: C
68. ANS: B
69. ANS: A
70. ANS: A
71. ANS: D
72. ANS: A
73. ANS: A
74. ANS: D
75. ANS: A

COMPLETION
76. ANS: triple
77. ANS: trouble
78. ANS: configuration
79. ANS: Auditing
80. ANS: baseline
81. ANS: monitoring
82. ANS: internal
83. ANS: characterization
84. ANS: difference
85. ANS: assessment
86. ANS: operational
87. ANS: remediation
88. ANS: vulnerability
89. ANS: Internet
90. ANS: trophy
91. ANS: validation
92. ANS: wireless
93. ANS: modem
94. ANS: review
95. ANS: war
96. ANS: dialing
97. ANS: partner
98. ANS: vendor
99. ANS: instances
100. ANS: vulnerabilities

ESSAY
101. ANS: The core ISO model addresses management and operation through five areas:
- Fault management
- Configuration and name management
- Accounting management
- Performance management
- Security management

102. ANS: There are four steps associated with configuration management.
1. Configuration identification: the identification and documentation of the various components, implementations, and states of configuration items
2. Configuration control: the administration of changes to the configuration items and the issuance of versions
3. Configuration status accounting: the tracking and recording of the implementation of changes to configuration items
4. Configuration audit: auditing and controlling the overall configuration management program

103. ANS: The recommended maintenance model is based on five subject areas or domains:
- External monitoring
- Internal monitoring
- Planning and risk assessment
- Vulnerability assessment and remediation
- Readiness and review
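Added worked example for items 68 and 84 (difference analysis) and the internal monitoring domain listed in item 103. This is example code written for this page, not code from the textbook the items are drawn from. It assumes a hypothetical plain-text inventory format ("host: port,port,...") as the record of what a network segment offers; the two inventories embedded in it are constructed, not real scan output. Beyond the definition in item 84 it also derives the list of newly exposed (host, port) pairs that the vulnerability assessment should target next, which is how the internal monitoring domain feeds the vulnerability assessment and remediation domain.

```python
"""Difference analysis for the internal monitoring domain.

Compare the current state of a network segment (hosts and the services each
offers) against a known baseline of the same segment and report every change.
Added example for this page, not textbook code.  The 'host: port,port,...'
inventory format and the two inventories below are constructed assumptions
standing in for real scan output.
"""
from dataclasses import dataclass, field

# host -> set of open TCP ports observed on that host
Inventory = dict[str, set[int]]

# Constructed baseline and current inventories of one segment (not real data).
BASELINE_TEXT = """
# baseline recorded at the last scheduled scan
10.0.5.10: 22,443
10.0.5.11: 22,3306
10.0.5.20: 22
"""

CURRENT_TEXT = """
# state observed by today's scan
10.0.5.10: 22,443,8080
10.0.5.11: 22
10.0.5.31: 22,445
"""


@dataclass
class Delta:
    """Everything that differs between the baseline and the current state."""
    new_hosts: Inventory = field(default_factory=dict)         # answering now, absent from baseline
    missing_hosts: Inventory = field(default_factory=dict)     # in baseline, not answering now
    new_services: Inventory = field(default_factory=dict)      # known host, newly exposed ports
    removed_services: Inventory = field(default_factory=dict)  # known host, ports no longer open

    def is_clean(self) -> bool:
        """True when the segment still matches its baseline exactly."""
        return not (self.new_hosts or self.missing_hosts
                    or self.new_services or self.removed_services)


def parse_inventory(text: str) -> Inventory:
    """Parse 'host: port,port,...' lines; '#' comments and blank lines are ignored.
    Repeated host lines are merged, so several scan files can be concatenated."""
    inv: Inventory = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        host, sep, ports = line.partition(":")
        host = host.strip()
        if not sep or not host:
            raise ValueError(f"malformed inventory line: {raw!r}")
        inv.setdefault(host, set()).update(int(p) for p in ports.split(",") if p.strip())
    return inv


def difference_analysis(baseline: Inventory, current: Inventory) -> Delta:
    """Set-difference the two inventories host by host."""
    delta = Delta()
    for host, ports in current.items():
        if host not in baseline:
            delta.new_hosts[host] = set(ports)
        elif ports - baseline[host]:
            delta.new_services[host] = ports - baseline[host]
    for host, ports in baseline.items():
        if host not in current:
            delta.missing_hosts[host] = set(ports)
        elif ports - current[host]:
            delta.removed_services[host] = ports - current[host]
    return delta


def va_targets(delta: Delta) -> list[tuple[str, int]]:
    """(host, port) pairs the vulnerability assessment should test next.
    Only newly exposed surface is returned: every port on a new host and the
    newly opened ports on known hosts.  Missing hosts and closed ports are
    reported for follow-up but are not scan targets."""
    targets = [(h, p) for h, ports in delta.new_hosts.items() for p in ports]
    targets += [(h, p) for h, ports in delta.new_services.items() for p in ports]
    return sorted(targets)


def report(delta: Delta) -> list[str]:
    """Human-readable lines for the internal monitoring summary."""
    lines = []
    for label, inv in (("NEW HOST", delta.new_hosts),
                       ("MISSING HOST", delta.missing_hosts),
                       ("NEW SERVICE", delta.new_services),
                       ("REMOVED SERVICE", delta.removed_services)):
        for host in sorted(inv):
            ports = ",".join(str(p) for p in sorted(inv[host]))
            lines.append(f"{label:16} {host:16} {ports}")
    return lines or ["no change from baseline"]


if __name__ == "__main__":
    d = difference_analysis(parse_inventory(BASELINE_TEXT), parse_inventory(CURRENT_TEXT))
    print("\n".join(report(d)))
    print("VA targets:", va_targets(d))
```

Run as a script it prints the four kinds of change for the constructed segment (one new host, one missing host, one new service, one removed service). The functions return their results rather than only printing them, so the delta can be written to a trouble ticket or handed to the target selection step of the next vulnerability assessment.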